CfnUserPoolProps¶
-
class
aws_cdk.aws_cognito.
CfnUserPoolProps
(*, account_recovery_setting=None, admin_create_user_config=None, alias_attributes=None, auto_verified_attributes=None, device_configuration=None, email_configuration=None, email_verification_message=None, email_verification_subject=None, enabled_mfas=None, lambda_config=None, mfa_configuration=None, policies=None, schema=None, sms_authentication_message=None, sms_configuration=None, sms_verification_message=None, username_attributes=None, username_configuration=None, user_pool_add_ons=None, user_pool_name=None, user_pool_tags=None, verification_message_template=None)¶ Bases:
object
Properties for defining a
CfnUserPool
.- Parameters
account_recovery_setting (
Union
[IResolvable
,AccountRecoverySettingProperty
,None
]) – Use this setting to define which verified available method a user can use to recover their password when they callForgotPassword
. It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.admin_create_user_config (
Union
[IResolvable
,AdminCreateUserConfigProperty
,None
]) – The configuration for creating a new user profile.alias_attributes (
Optional
[Sequence
[str
]]) – Attributes supported as an alias for this user pool. Possible values: phone_number , email , or preferred_username . .. epigraph:: This user pool property cannot be updated.auto_verified_attributes (
Optional
[Sequence
[str
]]) – The attributes to be auto-verified. Possible values: email , phone_number .device_configuration (
Union
[IResolvable
,DeviceConfigurationProperty
,None
]) – The device configuration.email_configuration (
Union
[IResolvable
,EmailConfigurationProperty
,None
]) – The email configuration of your user pool. The email configuration type sets your preferred sending method, AWS Region, and sender for messages from your user pool.email_verification_message (
Optional
[str
]) – A string representing the email verification message. EmailVerificationMessage is allowed only if EmailSendingAccount is DEVELOPER.email_verification_subject (
Optional
[str
]) –A string representing the email verification subject. EmailVerificationSubject is allowed only if EmailSendingAccount is DEVELOPER.
enabled_mfas (
Optional
[Sequence
[str
]]) – Enables MFA on a specified user pool. To disable all MFAs after it has been enabled, set MfaConfiguration to “OFF” and remove EnabledMfas. MFAs can only be all disabled if MfaConfiguration is OFF. Once SMS_MFA is enabled, SMS_MFA can only be disabled by setting MfaConfiguration to “OFF”. Can be one of the following values: -SMS_MFA
- Enables SMS MFA for the user pool. SMS_MFA can only be enabled if SMS configuration is provided. -SOFTWARE_TOKEN_MFA
- Enables software token MFA for the user pool. Allowed values:SMS_MFA
|SOFTWARE_TOKEN_MFA
lambda_config (
Union
[IResolvable
,LambdaConfigProperty
,None
]) – The Lambda trigger configuration information for the new user pool. .. epigraph:: In a push model, event sources (such as Amazon S3 and custom applications) need permission to invoke a function. So you must make an extra call to add permission for these event sources to invoke your Lambda function. For more information on using the Lambda API to add permission, see AddPermission . For adding permission using the AWS CLI , see add-permission .mfa_configuration (
Optional
[str
]) – The multi-factor (MFA) configuration. Valid values include:. -OFF
MFA won’t be used for any users. -ON
MFA is required for all users to sign in. -OPTIONAL
MFA will be required only for individual users who have an MFA factor activated.policies (
Union
[IResolvable
,PoliciesProperty
,None
]) – The policy associated with a user pool.schema (
Union
[IResolvable
,Sequence
[Union
[IResolvable
,SchemaAttributeProperty
]],None
]) – The schema attributes for the new user pool. These attributes can be standard or custom attributes. .. epigraph:: During a user pool update, you can add new schema attributes but you cannot modify or delete an existing schema attribute.sms_authentication_message (
Optional
[str
]) – A string representing the SMS authentication message.sms_configuration (
Union
[IResolvable
,SmsConfigurationProperty
,None
]) – The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account .sms_verification_message (
Optional
[str
]) – A string representing the SMS verification message.username_attributes (
Optional
[Sequence
[str
]]) – Determines whether email addresses or phone numbers can be specified as user names when a user signs up. Possible values:phone_number
oremail
. This user pool property cannot be updated.username_configuration (
Union
[IResolvable
,UsernameConfigurationProperty
,None
]) – You can choose to set case sensitivity on the username input for the selected sign-in option. For example, when this is set toFalse
, users will be able to sign in using either “username” or “Username”. This configuration is immutable once it has been set.user_pool_add_ons (
Union
[IResolvable
,UserPoolAddOnsProperty
,None
]) – Enables advanced security risk detection. Set the keyAdvancedSecurityMode
to the value “AUDIT”.user_pool_name (
Optional
[str
]) – A string used to name the user pool.user_pool_tags (
Optional
[Any
]) – The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.verification_message_template (
Union
[IResolvable
,VerificationMessageTemplateProperty
,None
]) – The template for the verification message that the user sees when the app requests permission to access the user’s information.
- Link
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito # user_pool_tags: Any cfn_user_pool_props = cognito.CfnUserPoolProps( account_recovery_setting=cognito.CfnUserPool.AccountRecoverySettingProperty( recovery_mechanisms=[cognito.CfnUserPool.RecoveryOptionProperty( name="name", priority=123 )] ), admin_create_user_config=cognito.CfnUserPool.AdminCreateUserConfigProperty( allow_admin_create_user_only=False, invite_message_template=cognito.CfnUserPool.InviteMessageTemplateProperty( email_message="emailMessage", email_subject="emailSubject", sms_message="smsMessage" ), unused_account_validity_days=123 ), alias_attributes=["aliasAttributes"], auto_verified_attributes=["autoVerifiedAttributes"], device_configuration=cognito.CfnUserPool.DeviceConfigurationProperty( challenge_required_on_new_device=False, device_only_remembered_on_user_prompt=False ), email_configuration=cognito.CfnUserPool.EmailConfigurationProperty( configuration_set="configurationSet", email_sending_account="emailSendingAccount", from="from", reply_to_email_address="replyToEmailAddress", source_arn="sourceArn" ), email_verification_message="emailVerificationMessage", email_verification_subject="emailVerificationSubject", enabled_mfas=["enabledMfas"], lambda_config=cognito.CfnUserPool.LambdaConfigProperty( create_auth_challenge="createAuthChallenge", custom_email_sender=cognito.CfnUserPool.CustomEmailSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), custom_message="customMessage", custom_sms_sender=cognito.CfnUserPool.CustomSMSSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), define_auth_challenge="defineAuthChallenge", kms_key_id="kmsKeyId", post_authentication="postAuthentication", post_confirmation="postConfirmation", pre_authentication="preAuthentication", pre_sign_up="preSignUp", pre_token_generation="preTokenGeneration", user_migration="userMigration", verify_auth_challenge_response="verifyAuthChallengeResponse" ), mfa_configuration="mfaConfiguration", policies=cognito.CfnUserPool.PoliciesProperty( password_policy=cognito.CfnUserPool.PasswordPolicyProperty( minimum_length=123, require_lowercase=False, require_numbers=False, require_symbols=False, require_uppercase=False, temporary_password_validity_days=123 ) ), schema=[cognito.CfnUserPool.SchemaAttributeProperty( attribute_data_type="attributeDataType", developer_only_attribute=False, mutable=False, name="name", number_attribute_constraints=cognito.CfnUserPool.NumberAttributeConstraintsProperty( max_value="maxValue", min_value="minValue" ), required=False, string_attribute_constraints=cognito.CfnUserPool.StringAttributeConstraintsProperty( max_length="maxLength", min_length="minLength" ) )], sms_authentication_message="smsAuthenticationMessage", sms_configuration=cognito.CfnUserPool.SmsConfigurationProperty( external_id="externalId", sns_caller_arn="snsCallerArn", sns_region="snsRegion" ), sms_verification_message="smsVerificationMessage", username_attributes=["usernameAttributes"], username_configuration=cognito.CfnUserPool.UsernameConfigurationProperty( case_sensitive=False ), user_pool_add_ons=cognito.CfnUserPool.UserPoolAddOnsProperty( advanced_security_mode="advancedSecurityMode" ), user_pool_name="userPoolName", user_pool_tags=user_pool_tags, verification_message_template=cognito.CfnUserPool.VerificationMessageTemplateProperty( default_email_option="defaultEmailOption", email_message="emailMessage", email_message_by_link="emailMessageByLink", email_subject="emailSubject", email_subject_by_link="emailSubjectByLink", sms_message="smsMessage" ) )
Attributes
-
account_recovery_setting
¶ Use this setting to define which verified available method a user can use to recover their password when they call
ForgotPassword
.It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.
-
admin_create_user_config
¶ The configuration for creating a new user profile.
-
alias_attributes
¶ phone_number , email , or preferred_username .
This user pool property cannot be updated.
- Link
- Type
Attributes supported as an alias for this user pool. Possible values
- Return type
Optional
[List
[str
]]
-
auto_verified_attributes
¶ The attributes to be auto-verified.
Possible values: email , phone_number .
- Link
- Return type
Optional
[List
[str
]]
-
device_configuration
¶ The device configuration.
-
email_configuration
¶ The email configuration of your user pool.
The email configuration type sets your preferred sending method, AWS Region, and sender for messages from your user pool.
-
email_verification_message
¶ A string representing the email verification message.
EmailVerificationMessage is allowed only if EmailSendingAccount is DEVELOPER.
-
email_verification_subject
¶ A string representing the email verification subject.
EmailVerificationSubject is allowed only if EmailSendingAccount is DEVELOPER.
-
enabled_mfas
¶ Enables MFA on a specified user pool.
To disable all MFAs after it has been enabled, set MfaConfiguration to “OFF” and remove EnabledMfas. MFAs can only be all disabled if MfaConfiguration is OFF. Once SMS_MFA is enabled, SMS_MFA can only be disabled by setting MfaConfiguration to “OFF”. Can be one of the following values:
SMS_MFA
- Enables SMS MFA for the user pool. SMS_MFA can only be enabled if SMS configuration is provided.SOFTWARE_TOKEN_MFA
- Enables software token MFA for the user pool.
Allowed values:
SMS_MFA
|SOFTWARE_TOKEN_MFA
- Link
- Return type
Optional
[List
[str
]]
-
lambda_config
¶ The Lambda trigger configuration information for the new user pool.
In a push model, event sources (such as Amazon S3 and custom applications) need permission to invoke a function. So you must make an extra call to add permission for these event sources to invoke your Lambda function.
For more information on using the Lambda API to add permission, see AddPermission .
For adding permission using the AWS CLI , see add-permission .
-
mfa_configuration
¶ .
OFF
MFA won’t be used for any users.ON
MFA is required for all users to sign in.OPTIONAL
MFA will be required only for individual users who have an MFA factor activated.
- Link
- Type
The multi-factor (MFA) configuration. Valid values include
- Return type
Optional
[str
]
-
policies
¶ The policy associated with a user pool.
-
schema
¶ The schema attributes for the new user pool. These attributes can be standard or custom attributes.
During a user pool update, you can add new schema attributes but you cannot modify or delete an existing schema attribute.
- Link
- Return type
Union
[IResolvable
,List
[Union
[IResolvable
,SchemaAttributeProperty
]],None
]
-
sms_authentication_message
¶ A string representing the SMS authentication message.
-
sms_configuration
¶ The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service.
To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account .
-
sms_verification_message
¶ A string representing the SMS verification message.
-
user_pool_add_ons
¶ Enables advanced security risk detection.
Set the key
AdvancedSecurityMode
to the value “AUDIT”.
-
user_pool_name
¶ A string used to name the user pool.
The tag keys and values to assign to the user pool.
A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.
-
username_attributes
¶ Determines whether email addresses or phone numbers can be specified as user names when a user signs up.
Possible values:
phone_number
oremail
.This user pool property cannot be updated.
- Link
- Return type
Optional
[List
[str
]]
-
username_configuration
¶ You can choose to set case sensitivity on the username input for the selected sign-in option.
For example, when this is set to
False
, users will be able to sign in using either “username” or “Username”. This configuration is immutable once it has been set.
-
verification_message_template
¶ The template for the verification message that the user sees when the app requests permission to access the user’s information.